1  Introduction

Knowledge and common knowledge are intuitive concepts that help us reason about ordinary everyday situations in which we have only partial information. They become more complicated when other agents in the situation are intelligent and have reasoning power, for then our state of knowledge contains not only facts about the world but also facts about the state of knowledge of others, and how these states change over time depends on the agents' reasoning ability as well as on the occurrence of external events. (Cf. the “muddy children's problem” in [HM84].) It is appealing to use these concepts to reason about distributed protocols, for processors of a distributed system can be thought of as independent agents with only partial information about the global state of the system. To be sure our reasoning is correct, it is necessary to have rigorous and precise definitions of the intuitive concepts underlying such terms as “global state”, “time”, “knowledge”, “message”, etc. Only then can we be sure to avoid the circularities and inconsistencies that are all too common in informal reasoning.

Halpern and Moses informally define various notions of “knowledge” and “common knowledge” in the context of a particular model of distributed systems in which every processor has a clock and stores in its state the entire history of messages sent to it [HM84]. They argue that while common knowledge is desirable, it is unattainable in many realistic settings. They suggest a hierarchy of weakened versions of common knowledge and discuss conditions under which these can be achieved.

We find the assertion that “common knowledge is not attainable in real world systems”¹ to be at variance with our intuition, for it seems clear that “common knowledge” in the intuitive sense is attained in the real world. To understand this disparity between the formal model and our intuition, we examine, simplify, and make more precise the informal definitions given in [HM84].

We first give quite general and simple definitions of distributed protocol, knowledge and common knowledge. Under these simplified definitions, the arguments of [HM84], suitably formalized, still apply to show the impossibility of attaining common knowledge in systems without globally simultaneous transitions. We then show that it is not necessary to discard the notions of knowledge and common knowledge in favor of weaker ones in order to obtain realistic and useful definitions; rather, one can discard the assumption that formulas be interpretable at every global state and instead interpret them only at a subset of “safe” states. This is analogous to notions of database consistency in which the database is only required to be consistent at times when no transaction is in the middle of execution. Using the same definitions as before but restricted to safe states, we get a new and different notion of common knowledge which can be attained in situations where Halpern-Moses common knowledge cannot.

We conclude that formalizing these concepts is subtle, and seemingly innocuous assumptions can lead to unexpected results. Our desire is to formalize concepts of knowledge so that they may aid the design of distributed algorithms and clear proofs of their properties. We believe we have provided a solid base for future work in this area.

¹ [HM84], Conclusions.
2  Distributed Protocols

2.1  A General Model

Definition 2.1  A distributed protocol,

$$P = \langle n, Q, I, \tau \rangle,$$

consists of a number $n$ of participants, a set $Q$ of local states, a set $I \subseteq Q^n$ of initial global states, and a next move relation $\tau \subseteq Q^n \times Q^n$ on global states.

For any protocol $P$, let $R_P$ be the $\tau$-reachable global states of $P$, that is, the set of all global states we can reach by starting in $I$ and taking any number of $\tau$ steps. By definition, only the reachable global states can occur in a run of $P$. In general it may be a complex task to tell if a given element of $Q^n$ is in $R_P$; however, in this paper we will only be concerned with the reachable global states. For $p \in Q^n$ a global state and $i$ a participant, we write $(p)_i$ to denote the $i$th component of $p$. We will also use the notation $p \sim_i q$ to mean that $p, q \in R_P$ and $(p)_i = (q)_i$, i.e. they are indistinguishable from $i$'s point of view. Obviously each $\sim_i$ is an equivalence relation.²

Our definition of protocol is certainly simple and precise. Let us argue that it is also sufficiently general. Anything we would be willing to call a distributed system can be broken up into a finite number of logical entities which we call “participants”. A participant may be any component of a system: a processor, a buffer, a clock, etc.³ Each participant has some total configuration that we are calling its (local) state. Furthermore, the states of all the participants combined should determine the entire state of the system and thus which global states can next be entered.

It is easy to see for example that our model of distributed system is a generalization of the shared variable model of Lynch and Fischer [LF81]. In that model, the participants consist of shared variables and processors. Each action involves exactly one processor and one shared variable.

Similarly our model includes synchronous protocols in which every processor sends a message to every other during each round. One way to model this is to specify that the set of possible states is of the form $Q = M^n$, i.e. each processor's total configuration consists of an $n$-tuple. We can specify that the $i$th entry of $j$'s state is the value of the message sent from $i$ to $j$ during the previous round. This can be done as follows: for all processors $i, j$, and for all global states $p, q, r, s$, if $(p,q)$ and $(r,s)$ are in $\tau$ and if processor $i$ has the same state in $p$ as in $r$, then the $i$th component of processor $j$'s state is the same in $q$ as in $s$.

² Our definition of knowledge given in Section 3 will be that of inherent knowledge, those facts that a participant could deduce given arbitrary computational power. Thus, in a global state $p \in R_P$ a participant $i$ will know that we are in some $q \in R_P$ with $q \sim_i p$, and its knowledge will consist exactly of those facts true in all such $q$. The problem of determining membership in $R_P$ is not relevant to the notions considered in this paper. It certainly is relevant, however, when considering knowledge in cryptographic protocols when an explicit bound is given on the computational resources of the participants.

³ This approach is different from most of the other formal specifications of protocols of which we are aware, e.g. [CM85], [HM85], [HF85], [PR85]. The more usual approach is to say that after a message is sent it may sometime later be received by the addressee, but a message in transit is not explicitly modeled.

The sense in which our model could be too general is that we allow any transition relation $\tau$. Of course, for certain applications we can make appropriate restrictions. We have already seen that we can restrict our attention to processors which communicate with shared variables, or to synchronous message passing protocols. Similarly, instead of letting each processor's transitions be perfectly general, we can restrict our attention to processors with specified computing power, e.g. finite automata, polynomial time Turing machines, etc.

One interesting kind of restriction to place on the transition relation $\tau$ is locality.

Definition 2.2  Let $T = \{i_1, \ldots, i_k\}$ be a set of participants, and let $E_T(p,q)$ hold if $(p)_i = (q)_i$ for all $i \in T$.

•  We say that $(p,q)$ affects only participants in $T$ if $E_{\bar T}(p,q)$ holds, where $\bar T$ is the set of participants not in $T$.

•  We say that $(p,q) \in \tau$ is enabled by $T$ if for all $p'$ such that $E_T(p',p)$, then $(p',q') \in \tau$ for the (unique) $q'$ such that $E_T(q',q)$ and $E_{\bar T}(q',p')$.

•  We say $(p,q) \in \tau$ is local to $T$ if it affects only participants in $T$ and is enabled by $T$.

•  We say that a protocol is pairwise local if every transition in $\tau$ is local to some set $T$ of size two.

Thus, a transition is local to $T$ if only coordinates belonging to $T$ are changed during the transition and if the local states of the participants not in $T$ have no effect on whether or not this transition can occur. Note that a transition local to $T$ does not necessarily affect all of the members of $T$. Note also that the same transition can be local to two sets $T_1$ and $T_2$ but not be local to their intersection. Consider for example the transition $a = \langle (0,1,1,1), (1,1,1,1) \rangle$, and suppose $\tau$ contains every transition of the form $\langle (0,x_2,x_3,x_4), (1,x_2,x_3,x_4) \rangle$ except for $\langle (0,0,0,0), (1,0,0,0) \rangle$. Let $T_i = \{1, i\}$, $i = 2, 3, 4$. Then $a$ affects only $T_i$ (since only the first component changes), and $a$ is enabled by $T_i$ (since no matter how the components outside of $T_i$ are changed, participant 1 can still make the transition from state 0 to 1). Thus, $a$ is local to $T_i$ for each $i$, but clearly $a$ is not local to $\bigcap_i T_i = \{1\}$.


2.2  Comparison with Other Models

The shared variable model [LF81] is pairwise local: each transition is local to one processor and one shared variable. On the other hand the synchronous protocol described above is not pairwise local: each transition in general affects all $n$ participants. We believe that if one models a distributed system at a sufficiently fine level then it will be pairwise local simply because it is difficult to insure that distant events occur simultaneously. However it is sometimes convenient to discuss synchronous protocols when the finer analysis would only obscure what is going on.

The models described in [CM85], [HM85], [HF85], [PR85] are all asynchronous message passing systems and thus are pairwise local when translated to our protocols. For readers more familiar with these other models, we will now consider one of them in more detail. Chandy and Misra [CM85] consider systems of $n$ processors in which there are three disjoint sets of transitions: sends, receives, and local events. The relation between sends and receives is that each receive must correspond to a unique earlier send. The Chandy and Misra model forces the processors to remember their entire local history. Furthermore, the ability to perform a transition depends only on the local history of the affected processor except in the case of a receive, which also requires that the message to be received has already been sent. We can characterize the Chandy and Misra model in terms of our protocol model as follows:

Proposition 2.3  The Chandy and Misra model [CM85] is isomorphic to the protocol model $P = \langle n+1, Q, I, \tau \rangle$:

1.  Participants $1$ to $n$ are the processors and participant $n+1$ is the message buffer.

2.  There are sets $E$ of local events and $M$ of messages. A message triple $(i,j,m)$ is a send from $i$ and a receive by $j$ of message $m$. The local state of processor $i$ is a list of local events and message triples, each of which is a send from $i$ or a receive by $i$. The local states of the buffer consist of any multiset of message triples.

3.  The set of initial global states is the singleton $I = \{(\Lambda, \ldots, \Lambda, \emptyset)\}$ in which all processors have the empty list $\Lambda$ as their local history and the buffer is empty.

4.  Each transition is of one of the following three forms. Transition (a) only involves participant $i$, and transitions (b) and (c) only involve participants $i$ and $n+1$.

(a)  Local event $e \in E$ at processor $i$: $e$ is appended to $i$'s local state.

(b)  Send of $m \in M$ from processor $i$ to processor $j$: the message triple $(i,j,m)$ is appended to $i$'s local state and added to $(n+1)$'s local state.

(c)  Receive by processor $i$ of the message $m \in M$ sent by processor $k$: a message triple $(k,i,m)$ is deleted from $(n+1)$'s local state and appended to $i$'s local state.

2.3  Two Examples

We conclude this section with two nontrivial examples of protocols, one asynchronous and the other synchronous. These protocols will be frequently referred to in the remainder of the paper.

Both protocols model the situation of a completely connected network of $n$ processors which operate in rounds. On each round, every processor $i$ sends a message $m_{ij}$ to each other processor $j$. After receiving all of the messages sent to it on the given round, processor $i$ changes state and chooses a new set of messages to send out on the next round. The new state and message set depend on the old state and on the messages received during the round.

In protocol $A$, the messages are sent asynchronously, one at a time, via message buffers. A buffer either contains a message or is empty. A message can only be sent to an empty buffer and only received from a non-empty buffer. Sending a message makes the buffer non-empty, and receiving a message makes the buffer empty again. Thus, the execution of each round takes many steps.

In protocol $B$, all messages are sent and received in one big synchronous step, that is, one step of $B$ corresponds to an entire round of $A$.

2.3.1  Protocol A

Let $A = \langle n^2, Q_A, I_A, \tau_A \rangle$ be an asynchronous message passing protocol defined as follows: The first $n$ participants of $A$ are the processors $a_1, \ldots, a_n$; the remaining $(n-1)n$ participants are buffers. For a global state $p$, we abuse our previous notation slightly and write $(p)_{a_i}$ to denote the component corresponding to $a_i$ and $(p)_{b_{ij}}$ to denote the component corresponding to buffer $b_{ij}$.

The set of possible local states of a buffer $b_{ij}$, $i \neq j$, is $Q^b_A = M \cup \{\Lambda\}$, where $M$ is a set of possible messages and $\Lambda$ is a special symbol denoting the null message. $(p)_{b_{ij}} = m \in M$ indicates that the single message $m$ was sent by $i$ but not yet delivered to $j$ in global state $p$, and $(p)_{b_{ij}} = \Lambda$ indicates that no message is waiting.

The set of possible local states of a processor $a_i$ is $Q^a_A = D \times (M \cup \{\Lambda\})^{n-1} \times \mathbf{N}$. State $(d, m_1, \ldots, m_{i-1}, m_{i+1}, \ldots, m_n, r)$ indicates that the processor is in internal state $d$ at round $\lfloor r/2 \rfloor$ with pending messages $m_1, \ldots, m_{i-1}, m_{i+1}, \ldots, m_n$. If $r$ is even, then the processor is in a ‘send’ state, waiting to place each $m_j \neq \Lambda$ into buffer $b_{ij}$. If $r$ is odd, then the processor is in a ‘receive’ state waiting to fetch a message from $b_{ji}$ for each $j$ such that $m_j = \Lambda$.

Thus, the complete set of local states $Q_A$ is $Q^a_A \cup Q^b_A$.

The transitions making up $\tau_A$ are of four kinds:

1.  $(p,q) \in \mathit{Send}_{ij}$ if

•  $p \sim_c q$ for all $c \notin \{a_i, b_{ij}\}$;

•  $(p)_{b_{ij}} = \Lambda$;

•  $(q)_{b_{ij}} = m_j \neq \Lambda$;

•  $(p)_{a_i} = (d, \ldots, m_{j-1}, m_j, m_{j+1}, \ldots, 2k)$;

•  $(q)_{a_i} = (d, \ldots, m_{j-1}, \Lambda, m_{j+1}, \ldots, 2k)$.

2.  $(p,q) \in \mathit{End\_send}_i$ if

•  $p \sim_c q$ for all $c \neq a_i$;

•  $(p)_{a_i} = (d, \Lambda, \ldots, \Lambda, 2k)$;

•  $(q)_{a_i} = (d, \Lambda, \ldots, \Lambda, 2k+1)$.

3.  $(p,q) \in \mathit{Receive}_{ij}$ if

•  $p \sim_c q$ for all $c \notin \{a_i, b_{ji}\}$;

•  $(p)_{b_{ji}} = m_j \neq \Lambda$;

•  $(q)_{b_{ji}} = \Lambda$;

•  $(p)_{a_i} = (d, \ldots, m_{j-1}, \Lambda, m_{j+1}, \ldots, 2k+1)$;

•  $(q)_{a_i} = (d, \ldots, m_{j-1}, m_j, m_{j+1}, \ldots, 2k+1)$.

4.  $(p,q) \in \mathit{End\_receive}_i$ if

•  $p \sim_c q$ for all $c \neq a_i$;

•  $(p)_{a_i} = (d, m_1, \ldots, m_n, 2k+1)$, where $m_j \neq \Lambda$ for all $j \neq i$;

•  $(q)_{a_i} = (d', m'_1, \ldots, m'_n, 2k+2)$, where $m'_j \neq \Lambda$ for all $j \neq i$, and $d'$ and $m'$ are functions of $(p)_{a_i}$.

Now we let $\tau_A$ consist of all the above transitions:

$$\tau_A = \bigcup_{i,j} \bigl( \mathit{Send}_{ij} \cup \mathit{End\_send}_i \cup \mathit{Receive}_{ij} \cup \mathit{End\_receive}_i \bigr).$$

Finally let $I_A$ be some nonempty set of global states in which the state of every processor $a_i$ has the form $(d, m_1, \ldots, m_n, 0)$ with $m_j \neq \Lambda$ for all $j \neq i$, and all the buffers are empty.

2.3.2  Protocol B

Our second example of a protocol is a synchronous version of $A$. Let $B = \langle n^2, Q_B, I_B, \tau_B \rangle$, where

$$Q^a_B = D \times M^{n-1} \times \{2r \mid r \in \mathbf{N}\},$$

$$Q^b_B = \{\Lambda\},$$

$$Q_B = Q^a_B \cup Q^b_B.$$

Let $\bar Q_B = (Q^a_B)^n \times (Q^b_B)^{n(n-1)}$. Let the transitions $\tau_B$ consist of all pairs $(p,q) \in \tau_A^{+} \cap (\bar Q_B \times \bar Q_B)$ such that no $\tau_A$ path in $A$ from $p$ to $q$ goes through intermediate global states in $\bar Q_B$. Finally let $I_B = I_A$.

We see that the reachable global states of $B$ all belong to $\bar Q_B$. Thus, all buffers are always empty and the local states of the $a_i$'s are the corresponding states from $A$ at the beginning of a round. It is not hard to see that $B$ is a synchronous version of $A$ such that in each round all processors send $n-1$ messages and then receive $n-1$ messages.


3  Definitions of Knowledge and Common Knowledge

It is convenient to picture a protocol $P$ as a graph with nodes consisting of all the elements of $R_P$. There is a directed edge labelled $\tau$ from $p$ to $q$ just if $(p,q) \in \tau$. Furthermore there is an undirected edge labelled $i$ between $p$ and $q$ just if $p \sim_i q$.⁴

⁴ The reader familiar with Kripke models will observe that an alternate description of a protocol $P$ is as a Kripke model $K = \langle R_P, \tau, \sim_1, \ldots, \sim_n \rangle$ where the $\sim_i$'s are equivalence relations; and furthermore for all worlds $w, w' \in R_P$, if $w \sim_i w'$ for all $i$ then $w = w'$. See [FI85] where this characterization of protocols is used to obtain a simple proof that propositional logic of knowledge and branching time is EXPTIME complete.
Let $E$ be an equivalence relation on the reachable global states $R_P$ with equivalence classes $[p]_E$, $p \in R_P$. Corresponding to $E$ is a modal operator $\Box(E)$. For any sentence $\alpha$,⁵ it is natural to make the following definition of $\Box(E)\alpha$, which we read as “box $E$ $\alpha$”:

$$(P,p) \models \Box(E)\alpha \;\equiv\; \forall q \in [p]_E\,((P,q) \models \alpha).$$

Thus, $\Box(E)\alpha$ holds just if $\alpha$ is true in all the worlds $E$-equivalent to the current world.

Several equivalence relations will be of interest. $\sim_i$, the indistinguishability relation for participant $i$, has already been defined. We denote $\Box(\sim_i)$ by $K_i$, which we read “$i$ knows.” Thus, $i$ knows $\alpha$ just if $\alpha$ is true in all worlds which are indistinguishable by $i$ from the current world.

We generalize to a group of participants $G \subseteq \{1, \ldots, n\}$. Let

$$\approx_G \;=\; \Bigl(\bigcup_{i \in G} \sim_i\Bigr)^{+},$$

that is, the transitive closure of the union of the $\sim_i$ relations for $i \in G$. Thus, we have

$$p \approx_G q \iff (\exists r \geq 0)(\exists i_1, \ldots, i_r \in G)(\exists p_1, \ldots, p_{r-1})\,[\,p \sim_{i_1} p_1 \sim_{i_2} p_2 \cdots p_{r-1} \sim_{i_r} q\,].$$

We denote $\Box(\approx_G)$ by $C_G$, which we read “it is common knowledge among the members of $G$”. Note that $\approx_{\{i\}} = \sim_i$, so also $C_{\{i\}} \equiv K_i$. We write $\approx$ for $\approx_G$ and $C$ for $C_G$ in the special case that $G$ includes all participants.

The next result shows that $C_G$ coincides with the definition current in the literature. (See for example [HM84].)


Theorem 3.1  The following two statements are equivalent:

1.  $(P,p) \models C_G\alpha$.

2.  $(\forall r \geq 0)(\forall i_1, \ldots, i_r \in G)\,((P,p) \models K_{i_1} K_{i_2} \cdots K_{i_r}\alpha)$.


Proof

(1 $\Rightarrow$ 2): For any $\beta$, we have $C_G\beta \rightarrow \beta$ since $p \approx_G p$. Thus, it suffices to show that for any $\beta$, if $(P,p) \models C_G\beta$ then for all $i \in G$, $(P,p) \models C_G K_i\beta$. This is clear because if $q \approx_G p$ and $q' \sim_i q$ then $q' \approx_G p$; hence $(P,q) \models K_i\beta$. Since $K_i\beta$ holds for all $q \in [p]_{\approx_G}$, it is common knowledge in $G$ at $p$, as desired.

(2 $\Rightarrow$ 1): Suppose that $(P,p) \not\models C_G\alpha$. It follows that there is a $q \in [p]_{\approx_G}$ such that $(P,q) \models \neg\alpha$. Let $i_1, \ldots, i_r \in G$ be such that there exist $p_1, \ldots, p_{r-1}$ with $p \sim_{i_1} p_1 \sim_{i_2} p_2 \cdots p_{r-1} \sim_{i_r} q$. It follows that $(P,p) \models \neg K_{i_1} K_{i_2} \cdots K_{i_r}\alpha$. ∎

⁵ We have intentionally left the logical language unspecified from which the sentence $\alpha$ is drawn, for all that we require is that it be possible to interpret $\alpha$ at the pair $(P,p)$ (and we weaken even that requirement in Section 6). Of course the strongest such language would have a way to express each possible subset of $R_P$. The languages we consider may be taken to be some unspecified subset of this strongest language.

As an example of the above concepts, the next proposition shows that for the synchronous protocol $B$ described at the end of the last section, whenever a processor is in round $r$, it is common knowledge among all the processors that they are in round $r$. We will see in the next section that this assertion is false for the asynchronous protocol $A$.

Proposition 3.2  Let $P = \{1, \ldots, n\}$ be the set of processors in protocol $B$ (omitting the buffers). Let $i, j \in P$, let $\alpha(i,r)$ be a formula meaning that processor $i$ is in round $r$, and let $q \in R_B$ be any reachable global state. Then

$$(B,q) \models \alpha(i,r) \rightarrow C_P\,\alpha(j,r).$$

Proof  It is trivial to show by induction that for all $p \in R_B$, all the processors are in the same round. Therefore suppose that $(B,q) \models \alpha(i,r)$. It follows that for all $p \in [q]_{\approx_P}$, $(B,p) \models \alpha(j,r)$. ∎


4  Common Knowledge in Asynchronous Systems

Informally, an “asynchronous system” has two kinds of participants, “active” and “passive”. Typically, the active elements are processors and the passive elements are memory cells or message ports. Every step of such a system consists of an interaction between an active and a passive element, and whether or not a step can occur depends only on the states of the element pair involved.

In our more general model, we have only one kind of participant, so we define a protocol to be asynchronous if it is pairwise local as defined in Section 2. Thus, every interaction “involves” at most two participants, and two steps involving disjoint sets of participants can occur in either order with the same effect.

The theorem that follows depends on much less than full asynchrony. Thus, we define a very weak notion of an asynchronous protocol that we call “nonsimultaneous”.

Definition 4.1  Let $G \subseteq \{1, \ldots, n\}$ be a specified set of participants in a protocol $P = \langle n, Q, I, \tau \rangle$. We will call $P$ nonsimultaneous with respect to $G$ if for all $(p,q) \in \tau$, there is a participant $i \in G$ not affected by the transition $(p,q)$. We say that $P$ is nonsimultaneous if it is nonsimultaneous with respect to the set of all participants.

As an example, note that a message passing protocol such as in [CM85] is nonsimultaneous with respect to its set of processors provided it has at least two processors. Note also that any asynchronous protocol with at least three participants is nonsimultaneous.
The following theorem shows that in a nonsimultaneous protocol, no new common knowledge can be achieved. (Cf. [HM84], Theorem 3.)

Theorem 4.2  Let $P$ be a protocol and $G$ a set of participants. Let $p$ be any global state in $R_P$ and let $p_0$ be an initial state from which $p$ is reachable by a sequence of $\tau$ steps, all of which are nonsimultaneous with respect to $G$. Let $\alpha$ be any sentence in a logic for $P$. Then $(P,p) \models C_G\alpha$ iff $(P,p_0) \models C_G\alpha$.

Proof  It suffices to show that $q \approx_G r$ for any step $(q,r) \in \tau$ that is nonsimultaneous with respect to $G$, for then $p_0 \approx_G p$ follows by considering the path of steps from $p_0$ to $p$, and the theorem then follows from the definition of common knowledge in $G$. But if $(q,r) \in \tau$ is nonsimultaneous with respect to $G$, then there must exist a participant $j \in G$ unaffected by the transition, i.e. such that $q \sim_j r$. It follows that $q \approx_G r$. ∎

Corollary 4.3  Let $G$ be a set of participants in a protocol $P$ that is nonsimultaneous with respect to $G$. Then it is impossible to gain new common knowledge among the members of $G$.

As an example, consider the protocol $A$ discussed at the end of the last section. It is easy to check that $A$ is nonsimultaneous with respect to any set $G$ of participants including at least two processors or at least two buffers. Thus, no new common knowledge among the members of any such $G$ can arise in $A$. This is in sharp contrast to the situation for $A$'s cousin $B$ (cf. Proposition 3.2).

It would seem at first glance that the difficulty in achieving common knowledge has to do with the problem of reaching an arbitrary depth of $K$'s with only finitely many messages. We conclude this section with a look at finite state protocols where common knowledge is equivalent to a bounded stack of $K$'s.

Theorem 4.4  Let $P = \langle n, Q, I, \tau \rangle$ be a finite state protocol, i.e. $|Q| < \infty$. For each $i$, let

$$Q_i = \{(q)_i \mid q \in R_P\}.$$

Thus, each processor is a $|Q_i|$-state automaton. Let $r = \min\{|Q_i| \mid 1 \leq i \leq n\}$. Let $p$ be any global state and let $\alpha$ be any formula. Then the following are equivalent:

1.  $(P,p) \models C\alpha$.

2.  For all $i_1, \ldots, i_{2r-1}$, $((P,p) \models K_{i_1} \cdots K_{i_{2r-1}}\alpha)$.

Proof

(1 $\Rightarrow$ 2): By definition of $C$.

(2 $\Rightarrow$ 1): Suppose that $(P,p) \not\models C\alpha$. Then there must exist $q \in [p]_{\approx}$ such that $(P,q) \models \neg\alpha$. Consider a minimum length $\sim$ chain from $p$ to $q$:

$$p = p_0 \sim_{i_1} p_1 \sim_{i_2} p_2 \cdots p_{s-1} \sim_{i_s} p_s = q.$$

No nonconsecutive pair $p_j$, $p_k$ of global states agree on any component, because if they did the chain could be shortened. It follows that in any given component, each state appears at most twice. Therefore $s \leq 2r - 1$. It follows that

$$(P,p) \models \neg K_{i_1} K_{i_2} \cdots K_{i_{2r-1}}\alpha.$$

∎


5  Alternate Definitions of Knowledge

Halpern and Moses argue that, “If $C_P$ is to be attained, all processors must start supporting it simultaneously.”⁶ Their conclusion is that in the absence of perfect global clocks and guaranteed exact message delivery times, one must settle for weaker notions than common knowledge. They suggest alternative notions and discuss when these can be achieved.

⁶ [HM84], Lemma 2.
We draw a different conclusion from the same problem, namely we believe that there is not a best or most desirable common knowledge which one would achieve if one could; but rather that different notions of knowledge and common knowledge may be appropriate for different protocols.

It is useful to consider our example protocols $A$ and $B$. We hope the reader will agree that they are realistic instances of an asynchronous and a synchronous message passing protocol, respectively. Recall that new common knowledge among the $n$ processors is attainable in $B$ but not in $A$. This is confusing because in a very strong sense $A$ and $B$ are isomorphic protocols (cf. [CM85]).⁷

The difference between protocols $A$ and $B$ concerns the granularity at which processors in the two protocols may introspect. In $B$, processors are only allowed to think about what they know at the start of each round. The fact that two structures whose observable behaviors are equivalent should differ so dramatically in terms of their knowledge gives us cause to reexamine our definitions of knowledge and common knowledge.

Let  P  be  any  protocol  and  let  5  C  Rp  be  any  subset  of  reachable  global  states.  For  each 
i,  let  be  the  restriction  of  ~  to  S  x  S.  As  before,  let  G  C  {l,...,n}  be  a  group  of  the 
participants  in  a  protocol.  Let 


that  is,  the  transitive  closure  of  the  union  of  the  ~s  relations  for  i  G  G.  Thus,  we  have 
a 

pws?  p,  q  €  S  and 

(3r  >  0)(3t'i,..  .,tr  €  G)(3pi,.  €  S)[p~s  Pi  ~5  P2  ••  -Pr-i  ~s  ?]• 

We  generalize  our  previous  definitions  of  knowledge  by  letting  Kf  denote  the  modal  operator 
□(~s)  and  by  letting  C§  denote  the  modal  operator  □  •  ■^s  before,  we  omit  mention  of 

G  when  G  includes  all  participants. 

The  intuitive  meaning  of  “Kf  a”  is,  “Participant  i  knows  that  a  holds,  assuming  we  are  in 
S,"  and  the  intuitive  meaning  of  “C is,  “It  is  common  knowledge  among  the  members  of  G 
that  a  holds,  assuming  we  are  in  5.”  The  following  theorem  makes  this  intuition  precise. 

Theorem  5.1  Let  S  C  Rp,  let  p  €  S,  and  let  o  mean,  “We  are  in  S.*  Let  G  C  {l,...,n}. 
Then 

1-  (P,p)(=Kfo  (P,p)M.'(^o) 

{P>P)  t=Cga  *  (Vr>0)(Vi1,...,tr€G)((P,p)f=KflKfa...Kfra). 

⁵We will call a pair of protocols such as $A$ and $B$, all of whose interactions are accomplished by a series of messages, isomorphic if the set of message sequences they generate is identical up to permutations which do not switch the order of a send and a receive by the same participant, nor the order of a send and its corresponding receive.
Proof (1) is immediate from the definition of $K_i^S$. The proof of (2) is similar to the proof of Theorem 3.1. ∎
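The operators $K_i^S$ and $C_G^S$ defined above and part (1) of Theorem 5.1, worked on a small finite structure. This is an added example and not code from the paper; it assumes global states are small integers, each $\sim_i$ is given as a partition, and the names `k_s`, `c_s`, `REL`, `S`, `ALPHA` are the example's own constructions. It also exhibits the observation that opens this section: at the same global state, common knowledge of $\alpha$ fails over all of $R_P$ but holds once attention is restricted to $S$.

```python
# Added example (not from the paper): K_i^S and C_G^S evaluated on a constructed
# finite structure in which each ~_i is given as a partition of the global states.
from collections import deque
def class_of(partition, p):
    """{q : p ~_i q} for a relation ~_i given as a partition."""
    return next(set(b) for b in partition if p in b)

def k_plain(rels, alpha, i, p):
    """(P,p) |= K_i alpha: alpha holds at every q with p ~_i q."""
    return all(alpha(q) for q in class_of(rels[i], p))

def k_s(rels, S, alpha, i, p):
    """(P,p) |= K_i^S alpha, where ~_i^S is ~_i restricted to S x S (vacuous off S)."""
    return p not in S or all(alpha(q) for q in class_of(rels[i], p) if q in S)

def c_s(rels, S, alpha, G, p):
    """(P,p) |= C_G^S alpha: alpha holds at every q with p ~_G^S q, ~_G^S being the
    transitive closure of the union of the ~_i^S (i in G): a BFS that never leaves S."""
    if p not in S:
        return True
    seen, todo = {p}, deque([p])
    while todo:
        x = todo.popleft()
        if not alpha(x):
            return False
        for i in G:
            for q in class_of(rels[i], x):
                if q in S and q not in seen:
                    seen.add(q); todo.append(q)
    return True

def theorem_5_1_part1_holds(rels, S, alpha, G):
    """K_i^S alpha <=> K_i(sigma -> alpha) at every p in S, sigma meaning 'we are in S'."""
    sigma_implies_alpha = lambda q: q not in S or alpha(q)
    return all(k_s(rels, S, alpha, i, p) == k_plain(rels, sigma_implies_alpha, i, p)
               for p in S for i in G)

# Constructed structure: five reachable states, two participants.
R_P = {0, 1, 2, 3, 4}
REL = {1: [{0, 1}, {2, 3}, {4}], 2: [{0}, {1, 2}, {3, 4}]}   # ~_1 and ~_2 as partitions
S = {0, 1, 2}                     # the "safe" states we restrict attention to
ALPHA = lambda q: q != 3          # alpha fails only at state 3, which lies outside S
G = (1, 2)
def demo():
    """Same structure, two choices of S, opposite verdicts on common knowledge at state 0."""
    return {"C alpha at 0, S = R_P": c_s(REL, R_P, ALPHA, G, 0),  # False: 0 ~_1 1 ~_2 2 ~_1 3
            "C^S alpha at 0": c_s(REL, S, ALPHA, G, 0),           # True: chains cannot leave S
            "K_1 alpha at 2": k_plain(REL, ALPHA, 1, 2),          # False, since 2 ~_1 3
            "K_1^S alpha at 2": k_s(REL, S, ALPHA, 1, 2)}         # True
```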

For any protocol $P$ and any nonempty $S \subseteq R_P$, the operators $K^S$ and $C^S$ seem to satisfy all requirements stated in [HM84] for such knowledge operators. In particular we note that they satisfy Kripke's S5 axioms (cf. [La77]).

Proposition 5.2 For any protocol $P$, any nonempty $S \subseteq R_P$, and $G \subseteq \{1,\ldots,n\}$, the operators $K_i^S$ and $C_G^S$ satisfy the S5 axioms for modal operators.

Proof This is immediate from the fact that each $\sim_i^S$ and $\sim_G^S$ is an equivalence relation. ∎

Let us now consider the protocol $A$ with $S = R_B$. The following proposition relates knowledge in $B$ to knowledge with respect to $S$ in $A$.

Proposition 5.3 Let $S = R_B$ and $p \in S$. Let $\alpha$ be any knowledge formula all of whose $K$'s and $C$'s have the superscript $S$. Let $\alpha'$ be the formula resulting from $\alpha$ when we remove all of the superscripts $S$.⁶ Then

$(A,p) \models \alpha \iff (B,p) \models \alpha'$

Proof This is an easy induction on the length of $\alpha$. The most interesting case is when $\alpha = K_i^S \varphi$. In this case

$(A,p) \models K_i^S \varphi$

$\iff$ (for all $q \in [p]_{\sim_i^S}$) $(A,q) \models \varphi$

$\iff$ (for all $q \in [p]_{\sim_i}$) $(B,q) \models \varphi'$

$\iff (B,p) \models K_i \varphi'$. ∎

It follows from Propositions 5.2 and 5.3 that if we consider the protocol $A$ with $S = R_B$, then we get a quite reasonable definition of knowledge and common knowledge. Furthermore, with these definitions new common knowledge is attained in an asynchronous protocol.

Joe Halpern [Ha85] points out that we are in a sense cheating because when we consider $K^S$, we evaluate formulas only at the global states in $S$. This form of 'cheating' may however be useful and appropriate. An example of a useful restriction of attention to a set of safe states occurs in databases. A database must maintain some integrity constraints which can be violated in the middle of certain transactions. It is useful to assert that the constraints are always satisfied and to evaluate such assertions only at the safe states in which no transactions are incomplete. Note that during a typical run of the database system, no such safe states need occur.

⁶Recall that we haven't specified the syntax of the knowledge-free formulas. Any such knowledge-free subformula $\gamma$ of $\alpha$ specifies a certain subset $T \subseteq R_A$. We assume that $\gamma$ is changed to $\gamma'$ in $\alpha'$ where $\gamma'$ specifies the same subset restricted to $R_B$, i.e. $T' = T \cap R_B$.
6  Conclusions

We have given precise formulations of distributed protocols. For any subset $S$ of the reachable states, we have given a precise definition of knowledge and common knowledge with respect to $S$. We have presented theorems outlining some cases where new common knowledge can be attained and some cases where it cannot. Most strikingly, we have shown that in certain situations two plausible choices for $S$ can give completely different results.

One can now ask the question, "For which sets of protocols is there a 'best' choice for $S$?" and thus a 'best' definition for knowledge and common knowledge. We suspect that in at least certain situations there may be such a best $S$, and that in this case knowledge and common knowledge with respect to $S$ may be valuable tools.

Many  arguments  in  distributed  systems  are  first  formulated  at  the  intuitive  level  of  what 
certain  processors  ‘know’  at  certain  points  in  the  computation.  With  precise  definitions  for  these 
concepts,  it  may  be  easier  to  formulate  clear  and  correct  proofs.  We  believe  that  considerable 
work  is  needed  in  order  to  develop  logical  tools  and  demonstrate  their  usefulness  on  problems 
of  interest  in  distributed  systems. 